https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38971#M28576 <HTML><HEAD></HEAD><BODY><P>Have you made this PAN firewall part of an AD domain? UDP port 137 appears to be some NETBIOS traffic and its unlikely that the management port will be spewing that out unless this PA has been included as a domain device.</P></BODY></HTML> Wed, 28 Aug 2013 21:56:16 GMT sjamaluddin 2013-08-28T21:56:16Z https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38968#M28573 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>I monitor traffic on management interface of 3020, I have seen so many packet from management IP to an broadcast IP </P><TABLE border="0" cellpadding="0" cellspacing="0" class="tabcont" style="width: 100%;"><TBODY><TR><TD class="listr" nowrap="nowrap">Aug 23 14:49:24</TD><TD class="listr" nowrap="nowrap"> <A href="https://192.168.35.251/diag_dns.php?host=192.168.15.15" title="Reverse Resolve with DNS"><IMG border="0" class="jiveImage" src="https://ip1.i.lithium.com/a76ed0e94e5d2f53c8a8ffee3af7fdcec3450e5f/68747470733a2f2f3139322e3136382e33352e3235312f7468656d65732f706673656e73655f6e672f696d616765732f69636f6e732f69636f6e5f6c6f672e676966" /></A> <A href="https://192.168.35.251/easyrule.php?action=block&amp;int=lan&amp;src=192.168.15.15" title="Easy Rule: Add to Block List"><IMG border="0" class="jiveImage" src="https://ip1.i.lithium.com/d86f117e25762ce5901efd112069ab8ebc6e8586/68747470733a2f2f3139322e3136382e33352e3235312f7468656d65732f706673656e73655f6e672f696d616765732f69636f6e732f69636f6e5f626c6f636b5f6164642e676966" /></A> 192.168.1.15:35889&nbsp; </TD><TD class="listr" nowrap="nowrap"> <A href="https://192.168.35.251/diag_dns.php?host=203.77.255.255" title="Reverse Resolve with DNS"><IMG border="0" class="jiveImage" src="https://ip1.i.lithium.com/a76ed0e94e5d2f53c8a8ffee3af7fdcec3450e5f/68747470733a2f2f3139322e3136382e33352e3235312f7468656d65732f706673656e73655f6e672f696d616765732f69636f6e732f69636f6e5f6c6f672e676966" /></A> <A href="https://192.168.35.251/easyrule.php?action=pass&amp;int=lan&amp;proto=udp&amp;src=192.168.15.15&amp;dst=203.77.255.255&amp;dstport=137" title="Easy Rule: Pass this traffic"><IMG border="0" class="jiveImage" src="https://ip1.i.lithium.com/e6042dfe6adedb39f5a51d0e07642da023e86d68/68747470733a2f2f3139322e3136382e33352e3235312f7468656d65732f706673656e73655f6e672f696d616765732f69636f6e732f69636f6e5f706173735f6164642e676966" /></A> 203.77.255.255:<SPAN title="Service 137/udp: netbios-ns">137</SPAN>&nbsp; </TD><TD class="listr" nowrap="nowrap">UDP</TD></TR><TR><TD class="listr" nowrap="nowrap">Aug 23 14:49:24</TD><TD class="listr" nowrap="nowrap"> <A href="https://192.168.35.251/diag_dns.php?host=192.168.15.15" title="Reverse Resolve with DNS"><IMG border="0" class="jiveImage" src="https://ip1.i.lithium.com/a76ed0e94e5d2f53c8a8ffee3af7fdcec3450e5f/68747470733a2f2f3139322e3136382e33352e3235312f7468656d65732f706673656e73655f6e672f696d616765732f69636f6e732f69636f6e5f6c6f672e676966" /></A> <A href="https://192.168.35.251/easyrule.php?action=block&amp;int=lan&amp;src=192.168.15.15" title="Easy Rule: Add to Block List"><IMG border="0" class="jiveImage" src="https://ip1.i.lithium.com/d86f117e25762ce5901efd112069ab8ebc6e8586/68747470733a2f2f3139322e3136382e33352e3235312f7468656d65732f706673656e73655f6e672f696d616765732f69636f6e732f69636f6e5f626c6f636b5f6164642e676966" /></A> 192.168.1.15:52601&nbsp; </TD><TD class="listr" nowrap="nowrap"> <A href="https://192.168.35.251/diag_dns.php?host=203.77.255.255" title="Reverse Resolve with DNS"><IMG border="0" class="jiveImage" src="https://ip1.i.lithium.com/a76ed0e94e5d2f53c8a8ffee3af7fdcec3450e5f/68747470733a2f2f3139322e3136382e33352e3235312f7468656d65732f706673656e73655f6e672f696d616765732f69636f6e732f69636f6e5f6c6f672e676966" /></A> <A href="https://192.168.35.251/easyrule.php?action=pass&amp;int=lan&amp;proto=udp&amp;src=192.168.15.15&amp;dst=203.77.255.255&amp;dstport=137" title="Easy Rule: Pass this traffic"><IMG border="0" class="jiveImage" src="https://ip1.i.lithium.com/e6042dfe6adedb39f5a51d0e07642da023e86d68/68747470733a2f2f3139322e3136382e33352e3235312f7468656d65732f706673656e73655f6e672f696d616765732f69636f6e732f69636f6e5f706173735f6164642e676966" /></A> 203.77.255.255:<SPAN title="Service 137/udp: netbios-ns">137</SPAN>&nbsp; </TD><TD class="listr" nowrap="nowrap">UDP</TD></TR></TBODY></TABLE><P>I try to stop all service on management interface but it is not affect.</P><P>Please help me to stop these packet.</P><P></P><P>Thanks,</P></BODY></HTML> Fri, 23 Aug 2013 08:05:40 GMT https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38968#M28573 Register_Security 2013-08-23T08:05:40Z https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38969#M28574 <HTML><HEAD></HEAD><BODY><P>Do you have userid setup, that is if your PA-3020 is trying to reach some AD machine?</P></BODY></HTML> Mon, 26 Aug 2013 08:27:31 GMT https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38969#M28574 mikand 2013-08-26T08:27:31Z https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38970#M28575 <HTML><HEAD></HEAD><BODY><P>Do you have user id enabled on public zone. </P><P>Here is a doc which explains why you might see alot of traffic to random public ip address with port 137.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-4705">https://live.paloaltonetworks.com/docs/DOC-4705</A></P><P>Let us know if this helped you resolve your issue.</P><P><BR />Thanks</P><P>Numan</P></BODY></HTML> Mon, 26 Aug 2013 22:32:37 GMT https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38970#M28575 mbutt 2013-08-26T22:32:37Z https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38971#M28576 <HTML><HEAD></HEAD><BODY><P>Have you made this PAN firewall part of an AD domain? UDP port 137 appears to be some NETBIOS traffic and its unlikely that the management port will be spewing that out unless this PA has been included as a domain device.</P></BODY></HTML> Wed, 28 Aug 2013 21:56:16 GMT https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38971#M28576 sjamaluddin 2013-08-28T21:56:16Z https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38972#M28577 <HTML><HEAD></HEAD><BODY><P>Thanks for all reply.</P><P>I found and fixed the problem. </P><P>The reason is PAN auto enable "Microsoft Active Directory" my domain.</P><P><IMG alt="ad-detect-enable.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/8327_ad-detect-enable.png" /></P></BODY></HTML> Tue, 17 Sep 2013 10:29:51 GMT https://live.paloaltonetworks.com/t5/general-topics/management-inteface-send-packet-port-137-to-broadcast-public-ip/m-p/38972#M28577 Register_Security 2013-09-17T10:29:51Z